telerik-infoleaks.yaml

send:
  - method: 'GET'
    url: '/Telerik.Web.UI.DialogHandler.aspx?checkHandler=true'

detect:
  - response:
    - body: 'HandlerCheckOK'
    - body: 'Telerik.Web.UI.WebResource.*Version=(2007.1423|2007.1521|2007.1626|2007.2918|2007.21010|2007.21107|2007.31218|2007.31314|2007.31425|2008.1415|2008.1515|2008.1619|2008.2723|2008.2826|2008.21001|2008.31105|2008.31125|2008.31314|2009.1311|2009.1402|2009.1527|2009.2701|2009.2826|2009.31103|2009.31208|2009.31314|2010.1309|2010.1415|2010.1519|2010.2713|2010.2826|2010.2929|2010.31109|2010.31215|2010.31317|2011.1315|2011.1413|2011.1519|2011.2712|2011.2915|2011.31115|2011.3.1305|2012.1.215|2012.1.411|2012.2.607|2012.2.724|2012.2.912|2012.3.1016|2012.3.1205|2012.3.1308|2013.1.220|2013.1.403|2013.1.417|2013.2.611|2013.2.717|2013.3.1015|2013.3.1114|2013.3.1324|2014.1.225|2014.1.403|2014.2.618|2014.2.724|2014.3.1024|2015.1.204|2015.1.225|2015.1.401|2015.2.604|2015.2.623|2015.2.729|2015.2.826|2015.3.930|2015.3.1111|2016.1.113|2016.1.225|2016.2.504|2016.2.607|2016.3.914|2016.3.1018|2016.3.1027|2017.1.118|2017.1.228|2017.2.503|2017.2.621|2017.2.711|2017.3.913)'

meta-info:
  - type: info
  - threat: 67
  - applicable_for: 
    - fast
  - tags:
    - Telerik Web UI
    - Possible RCE
    - Access to Document Managment
    - CVE-2017-9248
    - Telerik Web ASP
    - OWASP Top 10
    - OWASP
    - CVE-2017-9248